CVE-2021-23201Sensitive Information Exposure in Nvidia GPU AND Tegra Hardware

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 88.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia GPU AND Tegra Hardware
Timeline
PublishedNov 20
Latest updateFeb 9

Description

NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages1 packages

CVEListV5nvidia/nvidia_gpu_and_tegra_hardwareTuring, Volta, Pascal, Maxwell, Tegra X1, Tegra X1+, Tegra TX2, Xavier

🔴Vulnerability Details

2
GHSA
GHSA-cwp3-mhhm-w8cr: NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller which may allow a user with elevated privileges to generate valid2022-02-09
CVEList
CVE-2021-23201: NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate vali2021-11-20
CVE-2021-23201 — Sensitive Information Exposure | cvebase